|
META TOPICPARENT |
name="InstallationGuide" |
|
|
0.1 Installa SP |
|
< < | For the shibboleth installation use the package manager YUM and install the software. |
> > | For the shibboleth installation you can use the package manager YUM and install the software. |
|
$ yum install shibboleth
|
|
< < | After installation start server |
> > | After installation you have to start the server |
|
$ service shibd start |
|
0.1 Configure SP |
|
< < | For configuration go to /etc/shibboleth directory. |
> > | For configuration you have to move in /etc/shibboleth directory. |
|
If you want that SP support CASShib you must configure the shibboleth2.xml file. Each service needs to have its own protected Shibboleth address for CAS validation. For mapping URLs with services you must add this rows in the shibboleth configuration file. |
|
|
|
< < | After this, you configure the section with fake service. This means that if the request don't match the regular expressions return an error page. For configure the registrated services add this lines at the end of shibboleth2.xml file. |
> > | After this, you have to configure the section with fake service. This means that if the request doesn't correspond to the regular expressions return an error page. For configuring the registrated services you have to add these lines at the end of shibboleth2.xml file. |
|
<ApplicationOverride id="app1" entityID="https://halfback.cnaf.infn.it/casshib/app1" homeURL="https://halfback . cnaf . infn . it/app1/" REMOTE_USER="shibattr-mail"> |
| </ApplicationOverride >
|
|
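Review bot: The new sentence "if the request doesn't correspond to the regular expressions return an error page" still has no subject, so it is unclear what returns the error page; write "the SP returns an error page". "registrated" should be "registered". The preceding paragraph promises rows that map URLs to services, but none follow it, and the example under this hunk shows a single ApplicationOverride for app1 with no fake-service section. Either show those rows or drop the references to them.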
< < | This rows configure the SP for query the IGI IDP with app1 service and INFN AAI with app2 service. The attribute REMOTE_USER specify which IDP's attributes will use for the authentication process in the portal. |
> > | These rows configure the SP for query the IGI IDP with app1 service and INFN AAI with app2 service. The attribute REMOTE_USER is used to specify which IDP's attributes will be used for the authentication process in the portal. |
| |
|
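Review bot: The reworded paragraph describes both app1 and app2, but the only ApplicationOverride shown above it is app1, so the app2 block should be shown or the mention removed. "for query" should read "to query". Because REMOTE_USER decides the identity the portal sees, the text should also name the attribute: the example sets REMOTE_USER="shibattr-mail" while the attribute rule shown further down is for shibattr-eppn, and a reader cannot tell which of the two is the intended login identifier.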
< < | Now configure the attribute-map.xml file for define the attribute used by shibboleth. Add this rows at the file. |
> > | Now we have to configure the attribute-map.xml file for defining the attribute used by shibboleth adding the following rows: |
|
<afp:AttributeRule attributeID="shibattr−eppn"> |
|
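Review bot: The row that follows the new sentence is an afp:AttributeRule element, which belongs to an attribute filter policy (attribute-policy.xml on the SP), whereas attribute-map.xml entries are Attribute elements that map a SAML attribute name to an id. Please confirm which file is meant and show the mapping for shibattr-mail, since that is the id REMOTE_USER refers to. The example element is also left unclosed, and "adding the following rows" needs "by" in front of it.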
1 Apache server |
|
< < | For install a secure comunication for CASShib you neet to install the apache server which acts as a front-end. |
> > | For a secure communication you need to install the apache server which acts as a front-end. |
|
0.1 Install Apache |
|
$ yum install httpd |
|
< < |
After installation start server |
| $ service httpd start
|
|
< < | 0.1 Configure Apache |
> > | 0.1 Apache Configuration |
| |
|
< < | Add to httpd.conf file this row for enable shibboleth authentication. |
> > | We have to add to httpd.conf file the following rows for enabling shibboleth authentication. |
|
## |
| Include /etc/shibboleth/apache22.config
|
|
< < | Now comment all the row of apache22.config . Now configure Apache to use SSL. Edit the ssl.conf file in the Apache directory and in the default:443> section add this rows. |
> > | Then we have to comment all the rows of apache22.config . Now configure Apache to use SSL. Edit the ssl.conf file in the Apache directory and in the default:443> section add this rows. |
|
UseCanonicalName On |
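Review bot: "comment all the rows of apache22.config" comes right after the instruction to Include that same file, so as written the Include does nothing; the text should say why the file is included and which rows must stay active. In the same sentence "default:443> section" looks like a truncated <VirtualHost _default_:443>, and "add this rows" should be "add these rows". In the text shown here only UseCanonicalName On follows, so the SSL rows the sentence announces should be listed in full.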